Merge branch 'master' into feat/GPE-1173

files/squid_whitelist/web_whitelist

@@ -15,7 +15,6 @@ ctds-planx.atlassian.net
 data.cityofchicago.org
 dataguids.org
 api.login.yahoo.com
-api.snapcraft.io
 apt.kubernetes.io
 argoproj.github.io
 archive.cloudera.com

files/squid_whitelist/web_wildcard_whitelist

@@ -97,6 +97,8 @@
 .sks-keyservers.net
 .slack.com
 .slack-msgs.com
+.snapcraft.io
+.snapcraftcontent.com
 .sourceforge.net
 .southsideweekly.com
 .theanvil.io

flavors/squid_auto/squid_running_on_docker.sh

@@ -74,10 +74,18 @@ function install_docker(){
   # Docker
   ###############################################################
   # Install docker from sources
-  curl -fsSL ${DOCKER_DOWNLOAD_URL}/gpg | sudo apt-key add -
-  add-apt-repository "deb [arch=amd64] ${DOCKER_DOWNLOAD_URL} $(lsb_release -cs) stable"
-  apt update
-  apt install -y docker-ce
+  if [[ $DISTRO == "Ubuntu" ]]; then
+    curl -fsSL ${DOCKER_DOWNLOAD_URL}/gpg | sudo apt-key add -
+    add-apt-repository "deb [arch=amd64] ${DOCKER_DOWNLOAD_URL} $(lsb_release -cs) stable"
+    apt update
+    apt install -y docker-ce
+  else
+    sudo yum update -y
+    sudo yum install -y docker   
+    # Start and enable Docker service
+    sudo systemctl start docker
+    sudo systemctl enable docker
+  fi
   mkdir -p /etc/docker
   cp ${SUB_FOLDER}/flavors/squid_auto/startup_configs/docker-daemon.json /etc/docker/daemon.json
   chmod -R 0644 /etc/docker

gen3/bin/kube-setup-argo-wrapper.sh

@@ -19,5 +19,16 @@ if [[ -z "$GEN3_SOURCE_ONLY" ]]; then
   gen3 roll argo-wrapper
   g3kubectl apply -f "${GEN3_HOME}/kube/services/argo-wrapper/argo-wrapper-service.yaml"
 
+  if g3k_manifest_lookup .argo.argo_server_service_url 2> /dev/null; then
+    argo_server_service_url=$(g3k_manifest_lookup .argo.argo_server_service_url)
+
+    export ARGO_HOST=${argo_server_service_url}
+    export ARGO_NAMESPACE=argo-$(gen3 db namespace)
+    envsubst <"${GEN3_HOME}/kube/services/argo-wrapper/config.ini" > /tmp/config.ini
+
+    g3kubectl delete configmap argo-wrapper-namespace-config
+    g3kubectl create configmap argo-wrapper-namespace-config --from-file /tmp/config.ini
+  fi
+
   gen3_log_info "the argo-wrapper service has been deployed onto the kubernetes cluster"
-fi
+fi

gen3/bin/kube-setup-karpenter.sh

@@ -79,6 +79,14 @@ gen3_deploy_karpenter() {
                   "Effect": "Allow",
                   "Resource": "*",
                   "Sid": "ConditionalEC2Termination"
+              },
+              {
+                  "Sid": "VisualEditor0",
+                  "Effect": "Allow",
+                  "Action": [
+                      "kms:*"
+                  ],
+                  "Resource": "*"
               }
           ],
           "Version": "2012-10-17"

gen3/bin/kube-setup-revproxy.sh

@@ -111,15 +111,14 @@ for name in $(g3kubectl get services -o json | jq -r '.items[] | .metadata.name'
   fi
 done
 
-if g3kubectl get namespace argo > /dev/null 2>&1;
-then
-  for argo in $(g3kubectl get services -n argo -o jsonpath='{.items[*].metadata.name}');
-  do
-    filePath="$scriptDir/gen3.nginx.conf/${argo}.conf"
-    if [[ -f "$filePath" ]]; then
-      confFileList+=("--from-file" "$filePath")
-    fi
-  done
+
+if g3k_manifest_lookup .argo.argo_server_service_url 2> /dev/null; then
+  argo_server_service_url=$(g3k_manifest_lookup .argo.argo_server_service_url)
+  g3k_kv_filter "${scriptDir}/gen3.nginx.conf/argo-server.conf" SERVICE_URL "${argo_server_service_url}" > /tmp/argo-server-with-url.conf
+  filePath="/tmp/argo-server-with-url.conf"
+  if [[ -f "$filePath" ]]; then
+    confFileList+=("--from-file" "$filePath")
+  fi 
 fi
 
 if g3kubectl get namespace argocd > /dev/null 2>&1;

kube/services/argo-wrapper/argo-wrapper-deploy.yaml

@@ -58,7 +58,10 @@ spec:
           configMap:
             name: manifest-argo
             optional: true
-
+        - name: argo-wrapper-namespace-config
+          configMap:
+            name: argo-wrapper-namespace-config
+
       containers:
       - name: argo-wrapper
         GEN3_ARGO-WRAPPER_IMAGE
@@ -70,3 +73,7 @@ spec:
             readOnly: true
             mountPath: /argo.json
             subPath: argo.json
+          - name: argo-wrapper-namespace-config
+            readOnly: true
+            mountPath: /src/config.ini
+            subPath: config.ini

kube/services/argo-wrapper/config.ini

@@ -0,0 +1,4 @@
+[DEFAULT]
+ARGO_ACCESS_METHOD = access
+ARGO_HOST = $ARGO_HOST
+ARGO_NAMESPACE = $ARGO_NAMESPACE

kube/services/revproxy/gen3.nginx.conf/argo-argo-workflows-server.conf → kube/services/revproxy/gen3.nginx.conf/argo-server.conf

@@ -7,7 +7,7 @@
               auth_request /gen3-authz;
 
               set $proxy_service  "argo";
-              set $upstream http://argo-argo-workflows-server.argo.svc.cluster.local:2746;
+              set $upstream SERVICE_URL;
 
               rewrite ^/argo/(.*) /$1 break;
 

packer/configs/web_wildcard_whitelist

@@ -44,4 +44,5 @@
 .yahooapis.com
 .cloudfront.net
 .docker.io
+.blob.core.windows.net
 .googleapis.com